CS 393/682 Network Security. Nasir Memon Polytechnic University Module 7 Virtual Private Networks
|
|
- Tabitha Lawson
- 8 years ago
- Views:
Transcription
1 CS 393/682 Network Security Nasir Memon Polytechnic University Module 7 Virtual Private Networks
2 Course Logistics Midterm next week. Old exams posted Brief review at end of this module HW 4 assigned, due after midterm 4/1,3/03 Module 7 - VPN's 2
3 Where do we provide security? Firewall Application layer S-MIME, PGP, Kerberos etc. Transport layer SSL, TSL. Network layer VPN, IPSEC 4/1,3/03 Module 7 - VPN's 3
4 Public and Private Networks What is a Public Network? Examples - Internet, PSTN Insecure, unreliable Cheap. Ubiquitous. What is a Private Network? Examples - LANs, Intranet Secure, reliable Expensive. Limited availability and access Virtual Private Networks try to get the best of both worlds! 4/1,3/03 Module 7 - VPN's 4
5 Dedicated Connectivity Solutions 4/1,3/03 Module 7 - VPN's 5
6 Connectivity Using Internet 4/1,3/03 Module 7 - VPN's 6
7 Internet is the ubiquitous network 4/1,3/03 Module 7 - VPN's 7
8 What is a VPN? A Virtual Private Network (VPN) is a private network constructed within a public network infrastructure, such as the global Internet. A VPN connects the components and resources of one network over another network. Usually, this is done by a combination of tunneling, encryption, authentication, and access control technologies and services used to carry traffic over the Internet, a managed IP network or a provider's backbone. 4/1,3/03 Module 7 - VPN's 8
9 Virtual Private Network 4/1,3/03 Module 7 - VPN's 9
10 Why VPN? Driving Forces 4/1,3/03 Module 7 - VPN's 10
11 VPN for Remote User Access Over the Internet VPNs provide remote access to corporate resources over the public Internet, while maintaining privacy of information. Rather than making a leased line, long distance (or 1-800) call to a corporate or outsourced Network Access Server (NAS), the user first calls a local ISP NAS phone number. Using the local connection to the ISP, the VPN software creates a virtual private network between the dial-up user and the corporate VPN server across the Internet. 4/1,3/03 Module 7 - VPN's 11
12 Using a VPN to connect a remote client to a private LAN 4/1,3/03 Module 7 - VPN's 12
13 Using VPN to Connect a Branch Office to a Corporate LAN Rather than using an expensive long-haul dedicated circuit between the branch office and the corporate hub, both the branch office and the corporate hub routers can use a local dedicated circuit and local ISP to connect to the Internet. The VPN software uses the local ISP connections and the public Internet to create a virtual private network between the branch office router and corporate hub router. 4/1,3/03 Module 7 - VPN's 13
14 Using a VPN to connect two remote sites 4/1,3/03 Module 7 - VPN's 14
15 VPN for Connecting Computers Over an Intranet In some corporate internets, the departmental data is so sensitive that the department's LAN is physically disconnected from the rest of the corporate internet. While this protects the department's confidential information, it creates information accessibility problems for those users not physically connected to the separate LAN. VPN can be used to provide access to secured LAN from corporate intranet. 4/1,3/03 Module 7 - VPN's 15
16 Using a VPN to connect to a two computers on the same Intranet 4/1,3/03 Module 7 - VPN's 16
17 VPN Requirements User Authentication. VPN must verify a user's identity and restrict VPN access. Audit and accounting records to show who accessed what information and when. Address Management. VPN must assign client's address on private net and ensure that addresses are kept private. Data Encryption. Data carried on the public network must be rendered unreadable to unauthorized clients on the network. Key Management. VPN must generate and refresh encryption keys for the client and server. Multiprotocol Support. VPN must be able to handle common protocols used in the public network. These include Internet Protocol (IP), and so on. 4/1,3/03 Module 7 - VPN's 17
18 Tunneling VPNs allow the user to tunnel through the Internet or another public network in a manner that lets the tunnel participants enjoy the same security and features available in private networks The secure connection across the internetwork appears to the user as a private network communication-despite the fact that this communication occurs over a public internetwork-hence the name Virtual Private Network. 4/1,3/03 Module 7 - VPN's 18
19 Tunneling 4/1,3/03 Module 7 - VPN's 19
20 Tunneling Tunneling is a method of using an internetwork infrastructure to transfer data from one network over another network. The data to be transferred (or payload) can be the frames (or packets) of another protocol. Instead of sending a frame as it is produced by the originating node, the tunneling protocol encapsulates the frame in an additional header. The additional header provides routing information so that the encapsulated payload can traverse the intermediate internetwork. 4/1,3/03 Module 7 - VPN's 20
21 Tunneling The encapsulated packets are then routed between tunnel endpoints over the internetwork. The logical path through which the encapsulated packets travel through the internetwork is called a tunnel. Once the encapsulated frames reach their destination on the internetwork, the frame is unencapsulated and forwarded to its final destination. Note that tunneling includes this entire process (encapsulation, transmission, and unencapsulation of packets). 4/1,3/03 Module 7 - VPN's 21
22 Tunneling Protocols Generic Routing Encapsulation (GRE), as defined in RFCs 1701/1702, is used by a wide variety of tunneling protocols The Point-to-Point Tunneling Protocol (PPTP), created by Microsoft and Ascend Communications, is an extension of Point-to-Point protocol (PPP) for Windows and Netware client/server environments. The Ascend Tunnel Management Protocol (ATMP), defined as RFC 2107, implements both GRE and PPTP for tunneling IP, IPX, NetBIOS and NetBEUI traffic. 4/1,3/03 Module 7 - VPN's 22
23 Tunneling Protocols Layer-2 Forwarding (L2F) is a tunneling protocol created by Cisco Systems. The Layer-2 Tunneling Protocol (L2TP) is proposed standard to combine best features of L2F and PPTP. Data Link Switching (DLSw), defined by IBM and now an industry standard, encapsulates SNA traffic in IP. Mobile IP is designed to tunnel IP within IP for individuals traveling away from their "home" network. IPsec supports tunneling with or without encryption. 4/1,3/03 Module 7 - VPN's 23
24 Why So Many VPN Solutions? For some companies, a VPN is a substitute for remote-access servers. For others, a VPN may consist of traffic over the Internet between protected LANs. The protocols that have been developed for VPNs reflect this dichotomy. PPTP, L2F and L2TP are largely aimed at dialup VPNs IPSec's main focus has been LAN-to-LAN solutions. 4/1,3/03 Module 7 - VPN's 24
25 PPTP From Microsoft Widely supported standard Follows Client Server model Based on PPP 4/1,3/03 Module 7 - VPN's 25
26 What is PPTP? Simply: PPP in IP Traditional PPP dial up frames are encapsulated in IP PPP is ubiquitous dial up standard PPP is multi-protocol, extensible, and authenticated 4/1,3/03 Module 7 - VPN's 26
27 Review of PPP PPP provides three things: A framing method that unambiguously delineates the end of one frame and the start of the next one. The frame format also handles error detection. A link control protocol for bringing up lines, testing them, negotiating options, and bringing them down gracefully when no longer needed. This protocol is called Link Control Protocol (LCP). A way to negotiate network layer options in a way that is independent of the network layer protocol to be used. The method chosen is to have a different Network Control Protocol (NCP) for each network layer supported. 4/1,3/03 Module 7 - VPN's 27
28 Review of PPP Typical connection setup: Home PC Modem calls Internet Provider's router: sets up physical link PC sends series of LCP packets Select PPP (data link) parameters Authenticate PC sends series of NCP packets Select network parameters E.g., Get dynamic IP address Transfer IP packets 4/1,3/03 Module 7 - VPN's 28
29 Review of PPP 4/1,3/03 Module 7 - VPN's 29
30 Review of PPP PPP handles error detection, supports multiple protocols, allows IP addresses to be negotiated at connection time, permits authentication. It is used on both dial-up lines and router to router leased lines 4/1,3/03 Module 7 - VPN's 30
31 Review of PPP PPP Suite: LCP NCPs - IPCP, IPXCP, ATCP, etc. CCP ECP CHAP PAP 4/1,3/03 Module 7 - VPN's 31
32 The CHAP Process 4/1,3/03 Module 7 - VPN's 32
33 PPTP Details Tunnel Between PPTP FEP or Client, and PPTP server Control and Data Channel Many PPP sessions carried Control Channel TCP based (IANA port 1723) Session establishment, tear down, and management Data Channel Enhanced GRE encapsulation (Ethertype 0x880B, IP Protocol ID 47) Flow control for congestion and link feedback 4/1,3/03 Module 7 - VPN's 33
34 Conceptual Model of PPTP Remote Users Corporate Intranets PPP(IP) PPTP IP(PPP(IP)) ABC Corp. Any PPP client PC PSTN ISDN... IP(PPP(IPX) ) POP B Internet IP, IPX, or XYZ Corp. PPTP-enabled client PC Internet Svc Provider Access Server Front-Ends IP, IPX, or 4/1,3/03 Module 7 - VPN's 34
35 PPTP Components Generally, there are three computers involved in every PPTP deployment: a PPTP client a network access server a PPTP server Note: You do not need the network access server in order to create a PPTP tunnel when using a PPTP client connected to a LAN to connect to a PPTP server connected to the same LAN. 4/1,3/03 Module 7 - VPN's 35
36 The PPTP Tunnel 4/1,3/03 Module 7 - VPN's 36
37 A Typical PPTP Data Packet Media IP GRE PPP PPP Payload 4/1,3/03 Module 7 - VPN's 37
38 PPTP Encapsulation 4/1,3/03 Module 7 - VPN's 38
39 GRE 4/1,3/03 Module 7 - VPN's 39
40 PPTP Architecture Overview Secure communication created using PPTP typically involves three processes. Each requires successful completion of the previous process. PPP Connection and Communication. A PPTP client uses PPP to connect to an ISP by using a standard telephone line or ISDN line. PPTP Control Connection. Using the connection to the Internet established by the PPP protocol, the PPTP protocol creates a control connection from the PPTP client to a PPTP server on the Internet. This connection uses TCP and is a called a PPTP tunnel. PPTP Data Tunneling. Finally, PPTP creates IP datagrams containing encrypted PPP packets which are sent through PPTP tunnel to the PPTP server. The PPTP server disassembles the IP datagrams and decrypts the PPP packets, and then routes the decrypted packets to the private network. 4/1,3/03 Module 7 - VPN's 40
41 PPTP Authentication 3 Authentication options cleartext passwords (like PAP) hashed passwords MS-CHAP (or Microsoft Authentication ) Link-layer encryption available, if you pick Microsoft Authentication 4/1,3/03 Module 7 - VPN's 41
42 LAN Manager Hash Developed by Microsoft for OS/2 Used wherever network authentication is needed Algorithm: Truncate/Pad password to 14 characters Upcase password Split the password into two 7-byte halves using DES, build {c}k1 + {c}k2, c a constant 4/1,3/03 Module 7 - VPN's 42
43 Flaws in the LAN Manager hash This algorithm is very vulnerable to dictionary attacks Passwords less than 7 characters will result in a hash whose last 8 bytes are known And we can still brute-force each half of the hash separately if the password s longer Password space is much smaller than DES keyspace - There s no salt So we can build up a dictionary of encrypted passwords 4/1,3/03 Module 7 - VPN's 43
44 NT hash Later systems (NT and 95) calculate MD4(unicode password) but there s still no salt and the password space is still small and most applications need to calculate both NT hash and LMHash for backwardscompatibility 4/1,3/03 Module 7 - VPN's 44
45 MS-CHAP C->S challenge, please? S->C 8-byte challenge C calculates NT and LM hashes, pads to 21 bytes C divides NT and LM hash into 3 7-byte keys each and uses them to encrypt the challenge C->S {challenge}k1 + {challenge}k2 + {challenge}k3, preferred hash Both hashes are always sent 4/1,3/03 Module 7 - VPN's 45
46 Problems with MS-CHAP Protocol is vulnerable to flaws in LM hashes Many ways to speed up key searches: Null padding means the third key only has 2 15 possibilities - this gets us 2 key bytes for cheap. Once we ve got these, we guess the middle keys, encrypt the LAN Manager constant under our guess and check just the last two bytes against them. Finally, we brute-force the first 7 bytes 4/1,3/03 Module 7 - VPN's 46
47 Microsoft Point-to-Point Encryption After authentication, MS PPTP does link-layer encryption 40 or 128-bit RC4 Key is generated by either hashing the LM Hash using SHA1 and truncating (40-bit mode),sha1 on the concatenation of the 64-bit nonce and the 64- bit Windows NT hash (64-bit mode) Key is regenerated every 256 packets by hashing the preceding key and the first key Key can be recovered by password cracking, even if it is 128 bit! 4/1,3/03 Module 7 - VPN's 47
48 Getting the Encryption Key With 40 bit RC4, because there is no salt, an attacker can precompute a dictionary of ciphertext PPP headers, and then quickly look-up a given ciphertext in this dictionary. Moreover, the same 40-bit RC4 key is generated every time the same user initializes the PPTP protocol. Since RC4 is an output-feedback mode cipher, one can break the encryption from the ciphertext from two sessions. Same key is used for communications in both directions!! This automatically gives you above. 4/1,3/03 Module 7 - VPN's 48
49 MS-CHAP v2 1. Client requests a login challenge from the Server. 2. The Server sends back a 16-byte random challenge. 3a. The Client generates a random 16-byte number, called the Peer Authenticator Challenge." 3b. The Client generates an 8-byte challenge by hashing the 16-byte challenge received in step (2), the 16-byte Peer Authenticator Challenge generated in step (3a), and the Client's username. 3c. Client creates a 24-byte reply, using the Windows NT hash function and the 8-byte challenge generated in step (3b). This process is identical to MS-CHAPv1. 3d. The Client sends the Server the results of steps (3a) and (3c). 4/1,3/03 Module 7 - VPN's 49
50 MS-CHAP v2 4a. The Server uses the hashes of the Client's password, stored in a database,to decrypt the replies. If the decrypted blocks match the challenge, the Client is authenticated. 4b. The Server uses the 16-byte Peer Authenticator Challenge from the client, as well as the Client's hashed password, to create a 20-byte Authenticator Response." 5. The Client also computes the Authenticator Response. If the computed response matches the received response, the Server is authenticated. 4/1,3/03 Module 7 - VPN's 50
51 Deriving the 20-byte Authenticator Response The Server (or the Client) hashes the 16-byte NT password hash with to get password-hash-hash. (The Server stores the client's password hashed with MD4; this is the NT password hash value.) The Server concatenates the password-hash-hash, the 24-byte NT response, and the literal string "Magic server to client constant", and then hashes the result with SHA. The Server concatenates the 20-byte SHA output from step (2), the initial 8-byte generated challenge and the literal string "Pad to make it do more than one iteration", and then hashes the result with SHA. Resulting 20 bytes are the authenticator response. 4/1,3/03 Module 7 - VPN's 51
52 Deriving MPPE keys from MS-CHAPv2 credentials Deriving MPPE keys from MS-CHAPv2 credentials works as follows: Hash 16-byte NT password hash, 24-byte response from MS- CHAPv2 exchange, and a 27-byte constant (the string "This is the MPPE Master Key") with SHA. Truncate to get 16-byte master-master key. Using a deterministic process, convert the master-master key to a pair of session keys. For 40-bit session keys, this is done as follows: Hash the master-master key, 40 bytes of 0x00, an 84-byte constant and 40 bytes of 0xF2 with SHA. Truncate to get an 8-byte output. Set the high-order 24 bits of 0xd1269e, resulting in a 40-bit key. The magic constants are different, for keys to o encrypt traffic from the Client to the Server and from Server to the Client. For 128-bit session keys, the process is as follows: Hash master-master key, 40 bytes of 0x00, 84-byte constant (magic constant 2 or 3), and 40 bytes of 0xF2 with SHA. Truncate to 16-byte output. 4/1,3/03 Module 7 - VPN's 52
53 Version Rollback Attack Since Microsoft has attempted to retain some backwards compatibility with MS-CHAPv1, it is possible for an attacker to mount a "version rollback attack". In this attack, the attacker convinces both the Client and the Server not to negotiate the more secure MS-CHAPv2 protocol, but to use the less secure MS-CHAPv1 protocol. Microsoft claims that the operating systems will try to negotiate MS-CHAPv2 first, and only drop back to MS-CHAPv1 if the first negotiation fails Additionally, it is possible to set the Server to require MS- CHAPv2. Software switches to turn off backwards compatibility are registry settings, and can be difficult to find. Since older versions of Windows cannot support MS-CHAPv2, backwards compatibility must be turned on if there are any legacy users on the network. Hence version rollback attacks are a significant threat. 4/1,3/03 Module 7 - VPN's 53
54 MS-CHAP v1 and v2 MS-CHAP Version 1 Negotiates CHAP with an algorithm value of 0x80. Server sends an 8-byte challenge value. Client sends 24-byte LANMAN and 24-byte NT response to 8-byte challenge. MS-CHAP Version 2 Negotiates CHAP with an algorithm value of 0x81. Server sends a 16-byte value to be used by the client in creating an 8-byte challenge value. Client sends 16-byte peer challenge that was used in creating the hidden 8-byte challenge, and the 24-byte NT response. 4/1,3/03 Module 7 - VPN's 54
55 MS-CHAP v1 and v2 Server sends a response stating SUCCESS or FAILURE. Client decides to continue or end based upon the SUCCESS or FAILURE response above. Server sends a response stating SUCCESS or FAILURE and piggybacks an Authenticator Response to the 16-byte peer challenge. Client decides to continue or end based upon the SUCCESS or FAILURE response above. In addition, Client checks the validity of the Authenticator Response and disconnects if it is not the expected value. 4/1,3/03 Module 7 - VPN's 55
56 Further Reading 4/1,3/03 Module 7 - VPN's 56
Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationChapter 10 Security Protocols of the Data Link Layer
Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2006/2007 10.1 Scope of Link Layer Security Protocols
More informationVPN. VPN For BIPAC 741/743GE
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
More informationConnecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003 Microsoft Corporation Published: March 2003 Abstract Business professionals today require access to information on their network from anywhere
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationOverview. Protocols. VPN and Firewalls
Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationIntranet Security Solution
Intranet Security Solution 1. Introduction With the increase in information and economic exchange, there are more and more enterprises need to communicate with their partners, suppliers, customers or their
More informationVirtual Private Network and Remote Access Setup
CHAPTER 10 Virtual Private Network and Remote Access Setup 10.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks
More informationAN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION
AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION DR. P. RAJAMOHAN SENIOR LECTURER, SCHOOL OF INFORMATION TECHNOLOGY, SEGi UNIVERSITY, TAMAN SAINS SELANGOR, KOTA DAMANSARA, PJU
More informationFirewalls and Virtual Private Networks
CHAPTER 9 Firewalls and Virtual Private Networks Introduction In Chapter 8, we discussed the issue of security in remote access networks. In this chapter we will consider how security is applied in remote
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationChapter 12 Supporting Network Address Translation (NAT)
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
More informationVirtual Private Network and Remote Access
Virtual Private Network and Remote Access Introduction A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationVIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET
51-10-38 DATA COMMUNICATIONS MANAGEMENT VIRTUAL PRIVATE NETWORKS: SECURE REMOTE ACCESS OVER THE INTERNET John R. Vacca INSIDE Remote User Access over the Internet; Connecting Networks over the Internet;
More informationVirtual Private Networks
Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security
More informationHow Virtual Private Networks Work
How Virtual Private Networks Work by Jeff Tyson This article has been reprinted from http://computer.howstuffworks.com/ Please note that the web site includes two animated diagrams which explain in greater
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6 Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani The Higher Institute of Industry Misurata, Libya goha_99@yahoo.com
More informationIP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
More informationChapter 4: Security of the architecture, and lower layer security (network security) 1
Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationCreating a VPN Using Windows 2003 Server and XP Professional
Creating a VPN Using Windows 2003 Server and XP Professional Recommended Instructor Preparation for Learning Activity Instructor Notes: There are two main types of VPNs: User-to-Network This type of VPN
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationVPN Solutions. Lesson 10. etoken Certification Course. April 2004
VPN Solutions Lesson 10 April 2004 etoken Certification Course VPN Overview Lesson 10a April 2004 etoken Certification Course Virtual Private Network A Virtual Private Network (VPN) is a private data network
More informationModule 6. Configuring and Troubleshooting Routing and Remote Access. Contents:
Configuring and Troubleshooting Routing and Remote Access 6-1 Module 6 Configuring and Troubleshooting Routing and Remote Access Contents: Lesson 1: Configuring Network Access 6-3 Lesson 2: Configuring
More informationComparison of VPN Protocols IPSec, PPTP, and L2TP
Project Report ECE 646 (Fall 2001) Comparison of VPN Protocols IPSec, PPTP, and L2TP Poonam Arora, Prem R. Vemuganti, Praveen Allani Department of Electrical and Computer Engineering George Mason University
More informationVirtual Private Networks
Virtual Private Networks Rene Bahena Felipe Flores COEN 150 Project Report Chapter 1: What is a VPN? VPN stands for Virtual Private Network and is a way of making a secure remote connection to a private
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationPPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for
PPP Concept 1 What is PPP? Recall that HDLC is the default serial encapsulation method when you connect two Cisco routers. With an added protocol type field, the Cisco version of HDLC is proprietary. Thus,
More informationINTRODUCTION... 2 Windows 7... 2 Windows 8... 7 Mac OS X... 11 Ubuntu... 15 Advanced routing... 18 Windows... 18 Mac OS X... 18 Ubuntu...
INTRODUCTION... 2 Windows 7... 2 Windows 8... 7 Mac OS X... 11 Ubuntu... 15 Advanced routing... 18 Windows... 18 Mac OS X... 18 Ubuntu... 18 Updated: Juha Jokinen Page (1/18) INTRODUCTION This is a guide
More informationModule 10: Supporting Remote Users
Module 10: Supporting Remote Users Contents Overview 1 Establishing Remote Access Connections 2 Connecting to Virtual Private Networks 13 Configuring Inbound Connections 17 Configuring Authentication Protocols
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationIBM enetwork VPN Solutions
IBM enetwork VPN Solutions the Reach of Your Network Extend Agenda Description and Value of a VPN VPN Technology IBM's VPN Solutions and Future Enhancements Summary What is a VPN? Remote Access Business
More informationIP Tunneling and VPNs
IP Tunneling and VPNs Overview Objectives The purpose of this module is to explain Virtual Private Network (VPN) concepts and to overview various L2 and L3 tunneling techniques that allow for implementation
More informationWAN Data Link Protocols
WAN Data Link Protocols In addition to Physical layer devices, WANs require Data Link layer protocols to establish the link across the communication line from the sending to the receiving device. 1 Data
More informationToday s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities
SSL/TLS Today s Topics Server Certificates Client Certificates Certification Authorities Trust Registration Authorities VPN IPSec Client tunnels LAN-to-LAN tunnels Secure Sockets Layer Secure Sockets Layer
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationCryptanalysis of Microsoft s PPTP Authentication Extensions (MS-CHAPv2)
Cryptanalysis of Microsoft s PPTP Authentication Extensions (MS-CHAPv2) Bruce Schneier Counterpane Systems schneier@counterpane.com Mudge L0pht Heavy Industries mudge@l0pht.com David Wagner UC Berkeley
More informationWindows Server 2003 Remote Access Overview
Windows Server 2003 Remote Access Overview Microsoft Corporation Published: March 2003 Abstract Remote access allows users with remote computers to create a logical connection to an organization network
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationMatrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client
Matrix Technical Support Mailer 167 NAVAN CNX200 PPTP VPN with Windows Client 22/07/2014 Dear Friends, This mailer helps you in understanding and configuring PPTP VPN of Matrix NAVAN CNX200 with Windows
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationSophos UTM. Remote Access via PPTP. Configuring UTM and Client
Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without
More informationTable of Contents. Cisco Cisco VPN Client FAQ
Table of Contents Cisco VPN Client FAQ...1 Questions...1 Introduction...2 Q. Why does the VPN Client disconnect after 30 minutes? Can I extend this time period?...2 Q. I upgraded to Mac OS X 10.3 (known
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationMCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access
MCTS Guide to Microsoft Windows 7 Chapter 14 Remote Access Objectives Understand remote access and remote control features in Windows 7 Understand virtual private networking features in Windows 7 Describe
More informationSetting up VPN Access for Remote Diagnostics Support
Setting up VPN Access for Remote Diagnostics Support D. R. Joseph, Inc. supports both dial-up and Internet access for remote support of 3GIBC1 and LF-Sizer control systems. This document describes how
More informationNetwork Security. Chapter 10 Security Protocols of the Data Link Layer
Network Security Chapter 10 Security Protocols of the Data Link Layer! IEEE 802.1x! Point-to-Point Protocol (PPP)! Point-to-Point Tunneling Protocol (PPTP)! Layer 2 Tunneling Protocol (L2TP)! Virtual Private
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationGPRS / 3G Services: VPN solutions supported
GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive
More informationSLIP and PPP. Gursharan Singh Tatla. mailme@gursharansingh.in www.eazynotes.com. 1 www.eazynotes.com
SLIP and PPP Gursharan Singh Tatla mailme@gursharansingh.in 1 Data Link Layer in Internet We know that Internet consists of individual systems that are connected to each other. Basically, it is wide are
More informationHow Virtual Private Networks Work
How Virtual Private Networks Work Document ID: 14106 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information What Makes a VPN? Analogy: Each LAN Is an IsLANd
More informationChapter 17 Determining Windows 2000 Network Security Strategies
625 CHAPTER 17 Determining Windows 2000 Network Security Strategies Today, most organizations want their computer infrastructure connected to the Internet because it provides valuable services to their
More informationJoe Davies Principal Writer Windows Server Documentation
Joe Davies Principal Writer Windows Server Documentation Presented at Seattle Windows Networking User Group monthly meeting September 1, 2010 Agenda Brief VPN technology overview VPN features in Windows
More informationVirtual Private Networks (VPN) Connectivity and Management Policy
Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections
More informationVPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert
VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert Contents: 1.0 Introduction p2 1.1 Ok, what is the problem? p2 1.2 Port Forwarding and Edge based Solutions p2 1.3 What is a VPN? p2 1.4
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationData Link Protocols. TCP/IP Suite and OSI Reference Model
Data Link Protocols Relates to Lab. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet, and the Point-to-Point Protocol (PPP). 1 TCP/IP Suite
More informationVIRTUAL PRIVATE NETWORKS SECURITY
87-10-26 DATA SECURITY MANAGEMENT VIRTUAL PRIVATE NETWORKS SECURITY John R. Vacca INSIDE Public Key Encryption; Public Key-Based Certificates; Audit Verification between Discovered Security Policy and
More informationObjectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationUnderstand Wide Area Networks (WANs)
Understand Wide Area Networks (WANs) Lesson Overview In this lesson, you will review: Dial-up Integrated services digital networks (ISDN) Leased lines Virtual private networks (VPN) Wide area networks
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationAstaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationL2F Case Study Overview
LF Case Study Overview Introduction This case study describes how one Internet service provider (ISP) plans, designs, and implements an access virtual private network (VPN) by using Layer Forwarding (LF)
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationSecure Network Design: Designing a DMZ & VPN
Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationHow to configure VPN function on TP-LINK Routers
How to configure VPN function on TP-LINK Routers 1. VPN Overview... 2 2. How to configure LAN-to-LAN IPsec VPN on TP-LINK Router... 3 3. How to configure GreenBow IPsec VPN Client with a TP-LINK VPN Router...
More informationCTS2134 Introduction to Networking. Module 07: Wide Area Networks
CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationCommon Remote Service Platform (crsp) Security Concept
Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry
More informationVirtual Private Networks (VPN) VPN. Agenda. Classical VPN s
Virtual Private Networks (VPN) VPN Virtual Private Networks Introduction VPDN Details (L2F, PPTP, L2TP) old idea private networks of different customers can share a single WAN infrastructure since 1980
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationDomain 6.0: Network Security
ExamForce.com CompTIA Network+ N10-004 Study Guide 1 Domain 6.0: Network Security Chapter 6 6.1 Explain the function of hardware and software security devices Network based firewall, Host based firewall
More informationReti Private Virtuali - VPN
1 Reti Private Virtuali - VPN Marco Misitano, CISSP Enterprise Conulting, Security misi@cisco.com Ordine degli Ingegneri della Provincia di Milano 2 Agenda Technology introduction Remote Access VPN Site
More information